Paramiko - Regenerate ssh key / Python Automation
Posted: Wed Aug 10, 2022 6:52 pm
Hello,
I was wondering if anyone has a workaround for dealing with "confirmation" in routeros while using paramiko to execute commands?
I built a simple tool to quickly run through multiple units and restrict services + set strong crypto to yes and increase host-key-size.
The problem is this script seems to fail with: 'ip ssh regenerate-host-key' due to requiring the user to say "Y/N" in a second part of the command.
Here is a redacted piece of the current code:
Edit: Added comments in green if anyone wants to run the code to check.
import paramiko
import os
import time
import logging
ip = r'Absolute path to iplist.txt'
iplist=[line.strip() for line in open('iplist.txt filename')
print(iplist)
def EsxCli(ipaddress):
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
client.connect(hostname = ipaddress , port='SSH port', username='login username',password='login password',look_for_keys=False)
stdin,stdout,stderr = client.exec_command('system print identity')
output_read = stdout.read()
print("Securing: ")
print(output_read)
stdin,stdout,stderr = client.exec_command('ip ssh set allow-none-crypto=no strong-crypto=yes host-key-size=4096')
stdin,stdout,stderr = client.exec_command('ip ssh regenerate-host-key')
#Code stops working here, have tried variations of combining "Y" to the regenerate-host-key command but this does not seem to work.
def StopVsfwd():
for j in iplist:
print(j)
EsxCli(j)
StopVsfwd()
I was wondering if anyone has a workaround for dealing with "confirmation" in routeros while using paramiko to execute commands?
I built a simple tool to quickly run through multiple units and restrict services + set strong crypto to yes and increase host-key-size.
The problem is this script seems to fail with: 'ip ssh regenerate-host-key' due to requiring the user to say "Y/N" in a second part of the command.
Here is a redacted piece of the current code:
Edit: Added comments in green if anyone wants to run the code to check.
import paramiko
import os
import time
import logging
ip = r'Absolute path to iplist.txt'
iplist=[line.strip() for line in open('iplist.txt filename')
print(iplist)
def EsxCli(ipaddress):
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
client.connect(hostname = ipaddress , port='SSH port', username='login username',password='login password',look_for_keys=False)
stdin,stdout,stderr = client.exec_command('system print identity')
output_read = stdout.read()
print("Securing: ")
print(output_read)
stdin,stdout,stderr = client.exec_command('ip ssh set allow-none-crypto=no strong-crypto=yes host-key-size=4096')
stdin,stdout,stderr = client.exec_command('ip ssh regenerate-host-key')
#Code stops working here, have tried variations of combining "Y" to the regenerate-host-key command but this does not seem to work.
def StopVsfwd():
for j in iplist:
print(j)
EsxCli(j)
StopVsfwd()
